) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-3389 |
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-7190, and CVE-2016-7194. Published: October 13, 2016; 10:59:26 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3388 |
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387. Published: October 13, 2016; 10:59:24 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 2.6 LOW |
| CVE-2016-3387 |
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388. Published: October 13, 2016; 10:59:23 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-3386 |
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194. Published: October 13, 2016; 10:59:22 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3382 |
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability." Published: October 13, 2016; 10:59:18 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3331 |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: October 13, 2016; 10:59:14 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3267 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: October 13, 2016; 10:59:11 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-3377 |
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3350. Published: September 14, 2016; 6:59:51 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3374 |
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370. Published: September 14, 2016; 6:59:49 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-3370 |
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3374. Published: September 14, 2016; 6:59:44 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-3351 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:24 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 2.6 LOW |
| CVE-2016-3350 |
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3377. Published: September 14, 2016; 6:59:23 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3330 |
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3294. Published: September 14, 2016; 6:59:17 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3325 |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:15 AM -0400 |
V4.0:(not available) V3.0: 3.1 LOW V2.0: 2.6 LOW |
| CVE-2016-3297 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:10 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-3295 |
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:09 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.1 MEDIUM |
| CVE-2016-3294 |
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3330. Published: September 14, 2016; 6:59:08 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3291 |
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:05 AM -0400 |
V4.0:(not available) V3.0: 2.4 LOW V2.0: 2.6 LOW |
| CVE-2016-3247 |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:04 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.1 MEDIUM |
| CVE-2016-7153 |
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. Published: September 06, 2016; 6:59:01 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |